Docket No. 00-022-MIS 
CLAIMS : 

What is claimed is: J 

A method for securing a transaction comprising: 
receiving a request for a digest from a requestor; 
retrieving a master key; / 
retrieving unique client inf ormation,-/ 
creating the digest by hashing the lanique client 
information and the master key; and / 

returning the digest and the unique client 
information to the requestor, where/n the digest and the 
unique client information will be/used for transacting 
with a third party. / 

2. The method recited in c/aim 1 above, wherein the 
request further comprises unique requestor information 
and creating the digest mrther comprises hashing the 
unique requestor information. 

3. The method recitfed in claim 1 above, wherein the 
request includes unique merchant information which is 
used to access the' master key. 

4. The method/recited in claim 1 above, wherein the 
unique client /inf ormation includes a reference number, 
the reference number being one of a plurality of 
reference numbers provided to the client by the third 
party. / 

5. Ttie method recited in claim 1 above, wherein 
creating the digest by hashing is performed by a smart 
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6 . The method recited /in claim 1 above further 
comprises encrypting the unique client information prior 
to retrieving the unique client information. 



7. The method recited in claim 1 above, wherein the 



transaction is a credi 
is a credit card issue 



t card transaction, the third party 
r and the requestor is a merchant, 



information describing 
identifier which is sp 
transaction identifier 



further wherein the requestor information includes 



at least one of a merchant 
^ecific to the credit card issuer, a 
which is specific to the credit 
card issuer and purchase information which is specific to 
a purchase initiated by the client. 

8. A method for securing a transaction comprising: 

receiving, into a smart card, a data transmission 
from a merchant, wherein the data transmission includes 
unique merchant information, and a request for a billing 
digest; / 

retrieving unique client information, from the smart 
card memory; / 

retrieving a master key, the master key being known 
to a credit card issuer; 

creating the billing digest by hashing the unique 
client information] the master key and the unique 
merchant information onboard the smart card; and 

passing the billing digest, the unique merchant 
information and thje unique client information to the 
requestor . 
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1 9. The method recited in clain/s above, wherein the 

2 unique client information includes a reference number, 

/ ; 

3 the reference number being one' of a plurality of 

4 reference numbers provided to/ the client by the credit 

5 card issuer. / 
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10. The method recited in dlaim 8 above further 
comprises encrypting the unique client information and 
the unique merchant information prior to passing the 
information to the merchant 

11. A method for securing a transaction comprising: 
sending a data transmission to a client's smart 

card, wherein the data transmission includes unique 
merchant information and /a request for a billing digest; 

receiving the billing digest, the unique merchant 
information and unique client information from the 
client's smart card, the billing digest being hashed from 
the unique merchant information, unique client 
information and secret/ information from the client's 
smart card; and 

transmitting the /unique merchant information and 
unique client information from the client's smart card to 
a credit card issuer, 



12 



comprises receiving 
issuer. 



The method recit.ed in claim 11 above further 



response from the credit card 



1 



13. A method for securing a transaction comprising: 
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2 receiving a transaction request from a requestor, 

3 wherein the request includes a digest and unique client 

4 information; 

5 accessing a master kejy based on the unique client 

6 information; 

7 creating an authorization digest by hashing the 

8 unique client information and the master key; 

9 comparing the authorization digest with the digest 

10 from the requestor; and 

11 returning a response to the requestor, the content 

12 of the response being based on an outcome of the 

13 comparison of the authorization digest with the digest 

14 from the requestor. 

1 14. The method recited! in claim 13 above, wherein the 

2 request includes unique requestor information and 

3 creating the authorization digest further comprises 

4 hashing the unique requestor information. 

1 15. The method recited in claim 13 above, wherein the 

2 unique client informat.ion includes a reference number, 

3 the reference number being one of a plurality of 

4 reference numbers provided to the client by the third 

5 party. 

1 16. The method recited in claim 15 above further 

2 comprises: 

3 accessing all prfevi 

4 associated with the 



unique 



ously used reference numbers 
client information; 
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5 comparing the previously used reference numbers with 

6 the reference number contained in the unique client 

7 information; and / 

8 returning a response to the requestor, t/he content 

9 of the response being based on the outcome of the 

10 comparison of the previously used reference numbers with 

11 the reference number contained in the unique client 

12 information. / 

1 17. The method recited in claim 13 .above, wherein 

2 creating the authentication digest/by hashing is 

3 performed by a smart card. / 

4 / 

5 18. The method recited in cla-im 13 above further 

6 comprises decrypting the unique client information prior 

7 accessing the master key. / 

1 19. The method recited in claim 13 above, wherein the 

2 transaction is a credit /card transaction and the 

3 requestor is a merchant/, further wherein the requestor 

4 information includes information describing at least one 

5 of a merchant identifier which is specific to the credit 

6 card issuer, a transaction identifier which is specific 

7 to the credit card/ issuer and purchase information which 

8 is specific to a /purchase initiated by the client. 

1 20. A method zor securing a transaction comprising: 

2 generating a billing digest in a customer's smart 

3 card, the bo/1 ling digest being hashed from merchant 

4 information, customer information and a master key; 
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5 creating an authentication d/gest by the credit card 

6 issuer, wherein the authenticatio4 digest is hashed from 

7 the merchant information, customer information and a 

8 master key associated with the customer information; 

9 comparing the authorizatiod digest with the billing 

10 digest ; and j 

11 authorizing a transaction based on the comparison of 

12 the authorization digest with/ the billing digest. 

1 21. A method for securing ^transaction comprising: 

2 indexing a master key ^to an account identifier for 

3 an account, wherein the account is between a customer and 

4 a financial institution; j 

5 providing the master key to the financial 

6 institution and a smart cadrd controlled by the customer; 

i 

7 passing transaction data through a third party, 

8 wherein the transaction data includes at least the 

9 customer account identifier, third party information and 

10 a billing digest which is! created from the customer 

11 account identifier, the third party information and the 

12 master key. ^ 

1 22. A smart card for conducting secure transactions 

2 comprising: / 

3 a input/output mechanism; 

4 a processor; and 

5 a memory containing: 

6 financial ^account information; 

7 a master key; 

8 functionafl hashing algorithm; 
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an executable application, for executing on the 
processor, for invoking the functional hashing 
algorithm, wherein the functional hashing algorithm 
creates a digest ffom the financial account 
information and thjb master key and further wherein 
the executable application transmits, via the 
input/output mechanism, the digest and the financial 
account information to a requestor. 
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23. A system for conducting secure transactions 
comprising : 

a client smart cird for creating a billing digest 
from a resident client information, a resident master key 
and imported merchant) information; 

a merchant system for requesting the billing digest 
and for passing secure transaction information and the 
billing digest to a /financial institution, wherein the 
transaction information comprises the client information, 
and the imported mefrchant information; and 

a financial institution for receiving the 
transaction information and billing digest and for 
authorizing a transaction by: 



accessing 
information; 

creating 
master key, thfe 



a master key based on the client 



an authorization digest from the 

client information and the merchant 



information; and 



comparing 
the billing die 



the authorization billing digest with 
est . 
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24. A system for securing a transaction comprising: 
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creating means for 



receiving a request for a digest 



receiving means for 
from a requestor; 

retrieving means foif retrieving a master key; 

retrieving means foif retrieving unique client 
information; 



creating the digest by hashing 



the unique client information and the master key; and 



returning means for 



digest and the unique cl 
transacting with a thir 



returning the digest and the 



unique client information to the requestor, wherein the 



ient information will be used for 



party. 



1 25. The system recited I in claim 24 above, wherein the 

2 request further comprises unique requestor information 

3 and creating the digest! further comprises hashing the 

4 unique requestor information. 
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26. The system recite 
request includes uniqu 
used to access the mas 



in claim 24 above, wherein the 
merchant information which is 
ter key. 



27. The system recited in claim 24 above, wherein the 
unique client information includes a reference number, 
the reference number being one of a plurality of 
reference numbers provided to the client by the third 
party. 
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28. The system recited in claim 24 above, wherein the 
creating means for creating the digest by hashing is 
performed by a smart card. 
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The system recited in claim 24 above further 

neans for encrypting the unique 
client information prior to returning the unique client 
information . 
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30. The system recitled in claim 24 above, wherein the 
transaction is a credit card transaction, the third party 
is a credit card issuer and the requestor is a merchant, 
further wherein the requestor information includes 
information describing at least one of a merchant 
identifier which is specific to the credit card issuer, a 
transaction identifier which is specific to the credit 
card issuer and transaction data which is specific to a 
transaction initiated by the client. 

31. The system recited in claim 24 above further 
comprises : 

fingerprint reading and identification means for 
reading a fingerprinl and authorizing a client based on 
an identity of a client's fingerprint. 



32. A system for securing a transaction comprising: 

receiving means for receiving a transaction request 

from a requestor, wherein the request includes a digest 

and unique client information; 

accessing means for accessing a master key based on 

the unique client information; 

creating means for creating an authorization digest 

by hashing the unique client information and the master 

key; 
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10 comparing means for comparing the authorization 

11 digest with the digest from the requestor ; And 

12 returning means for returning a response to the 

13 requestor, the content of the response being based on the 

14 outcome of the comparison of the authorization digest 

15 with the digest from the requestor. / 

1 33. The system recited in claim 32/ above, wherein the 

2 request includes 1 unique requestor /information and 

3 creating the authorization digest! further comprises 

4 hashing the unique requestor information. 

1 34. The system recited in cl/aim 32 above, wherein the 

2 unique client information includes a reference number, 

3 the reference number being/one of a plurality of 

4 reference numbers provided to the client by the third 

5 party. / 

1 35. The system recited in claim 34 above further 

2 comprises: / 

3 accessing means /for accessing all previously used 

4 reference numbers as/sociated with the unique client 

5 information; / 

6 comparing means for comparing the previously used 

7 reference numbers/ with the reference number contained in 

8 the unique client information; and 

9 returning means for returning a response to the 

10 requestor, the/ content of the response being based on the 

11 outcome of the comparison of the previously used 

12 reference numbers with the reference number contained in 

13 the unique' client information. 
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; 

1 36. The system recited in claim 32 above, wherein 

2 creating the authentication /digest by hashing is 

3 performed by a smart card, 

1 37. The system recited in /claim 32 above further 

2 comprises decrypting the upique client information prior 

3 accessing the master key, 
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38. The system recited ih claim 32 above, wherein the 
transaction is a credit oard transaction, the third party 
is a credit card issuer and the requestor is a merchant, 

>stor information includes 



further wherein the requ* 
information describing a 
identifier which is spec 
transaction identifier v 
card issuer and transact: 



least one of a merchant 
ific to the credit card issuer, a 
hich is specific to the credit 
ion data which is specific to a 



transaction initiated by the client 
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39. A computer program' product for securing a 
transaction embodied on! a computer readable medium 
comprising : 

receiving instructions for receiving a request for a 
digest from a requestor; 

retrieving instructions for retrieving a master key; 

retrieving instructions for retrieving unique client 
information; I 

creating instructions for creating the digest by 
hashing the unique client information and the master key; 
and 

returning instructions for returning the digest and 
the unique client information to the requestor, wherein 



Docket No. 00-022-MIS 

14 the digest and the unique client information will be/used 

15 for transacting with a third party. / 

1 40. A computer program product for securinq/a 

2 transaction embodied on a computer readable medium 

3 comprising: / 

4 receiving instructions for receiving, into a smart 

5 card, a data transmission from a merchant, wherein the 

6 data transmission includes unique merchant information, 

7 and a request for a billing digest; 

8 retrieving instructions for retrieving unique client 

9 information, from the smart card memory; 

10 retrieving instructions for retrieving a master key, 

11 the master key being/known to a credit card issuer; 

12 creating inst/ructions for creating the billing 

13 digest by hashing the unique client information, the 

14 master key and the unique merchant information onboard 

15 the smart card; and 

16 passang instructions for passing the billing digest, 

17 the unique merchant information and the unique client 

18 information to the requestor. 



